Vulnerabilities Found in Critical Infrastructure Security Software

Critical infrastructure security is under scrutiny this week, as
security researchers have discovered 45 vulnerabilities in the
software used to control facilities such as nuclear plants and
oil refineries.

Thirty-four security bugs were found in programs by Siemens,
Iconics, 7-Technologies, Datac and Control Microsystems that
could allow attackers to remotely execute code, access sensitive
data, and disrupt physical equipment by targeting supervisory
control and data acquisition software (SCADA) installed on
Internet-connected machines,
The Register reported.

SCADA software is used to monitor and operate critical
infrastructure systems and automated industrial manufacturing,
refining and production processes. The high-profile
Stuxnet worm that targeted Iran’s Bushehr nuclear reactor in
the summer of 2010 was designed to exploit SCADA
vulnerabilities in Siemens software.

“SCADA is a critical field but nobody really cares about it,”
Luigi Auriemma, the researcher who found the
vulnerabilities, told The Register.

Auriemma released proof-of-concept attack code for the SCADA
flaws as a way of shining a spotlight on the need for updated
infrastructure networks.

His findings came less than a week after a Moscow-based security
firm called Gleg released Agora SCADA+, an exploit pack that
highlights 11 SCADA security weaknesses.

The Register reported that SCADA software is often found on old
computer systems that are “difficult to replace without causing
disruptions to critical equipment,” and that as a result, crucial
security updates are often avoided.